Expose SENTRY_AUTH_TOKEN for frontend build #413
Preview: https://packit-dashboard-pr-413.surge.sh (deployed at Tue 04 Jun 2024, 07:47 UTC)
Build succeeded. ✔️ pre-commit SUCCESS in 1m 49s
I looked things up and didn't see anything that we could utilize to make this foolproof. But no one would be able to get the secret that easily, luckily. It's only something that can be accessed from within the repo.
As for the secret itself, when we add it we should make sure it's unique to this specific repo and not a generic Packit one that is used everywhere. Means less work if it ends up leaked in a log somewhere as we just have to disable it for this repo.
@@ -42,6 +42,11 @@ jobs: | |||
echo "commit_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT | |||
id: branch_tag | |||
|
|||
- name: Set up secret file needed for the build | |||
run: echo "$SENTRY_AUTH_TOKEN" > /tmp/sentry-secret |
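Review bot: the added line `run: echo "$SENTRY_AUTH_TOKEN" > /tmp/sentry-secret` creates the file under the runner's default umask at a fixed, predictable path in /tmp, so the token is normally left readable by other local users and stays on disk after the step finishes. Consider setting `umask 077` before the write, placing the file in a `mktemp -d` directory (for example under `$RUNNER_TEMP`) instead of a fixed name, using `printf '%s'` rather than `echo` so no trailing newline is appended to the token, and removing the file in a later step that also runs when the build fails. A short comment on the step saying why a file is needed at all would help the next reader.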
So that's the reason why GitLab allows to have secrets mounted as files :D
c294d27 to 02bad20
Build succeeded. ✔️ pre-commit SUCCESS in 1m 47s
Followup of #410
I would like to avoid writing the secret into a file, but the `buildah` version in the action doesn't support env vars. Therefore open to any suggestions and opening it as draft 🙏
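One way to do the file hand-off described above with tighter handling, as an added example that is not part of this PR or the project's workflow. The function names are hypothetical, and it assumes `SENTRY_AUTH_TOKEN` is exported to the step and that `RUNNER_TEMP` (the GitHub Actions runner's temp directory) may or may not be set.

```shell
#!/bin/sh
# Added example (not the project's code): pass a CI secret to a build through
# a file without leaving it world-readable at a fixed path in /tmp.

# Write the secret ($1) into a fresh private directory; print the file path.
# The body is a subshell, so umask and variables do not leak to the caller.
write_secret_file() (
    value="$1"
    name="${2:-sentry-secret}"
    if [ -z "$value" ]; then
        echo "refusing to write an empty secret" >&2
        exit 1
    fi
    umask 077    # the file is created 0600, never briefly wider
    # mktemp -d gives a 0700 directory with an unpredictable name, so the
    # path cannot be pre-created or listed by another local user.
    base="${RUNNER_TEMP:-${TMPDIR:-/tmp}}"
    dir="$(mktemp -d "$base/secret.XXXXXX")" || exit 1
    # printf: no trailing newline and no echo option/escape handling.
    printf '%s' "$value" > "$dir/$name" || exit 1
    printf '%s\n' "$dir/$name"
)

# Delete the secret file and its private directory; safe to call twice.
remove_secret_file() (
    path="$1"
    [ -f "$path" ] || exit 0
    rm -f -- "$path"
    rmdir -- "$(dirname -- "$path")" 2>/dev/null || true
)

# Symbolic permission string of a path, e.g. "-rw-------".
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# Intended use inside the workflow step (assumption, shown as comments):
#   secret_file="$(write_secret_file "$SENTRY_AUTH_TOKEN")"
#   trap 'remove_secret_file "$secret_file"' EXIT
#   ... run the build, pointing it at "$secret_file" ...
```

The `trap` keeps the cleanup in the same step as the write, so the file is removed even when the build command fails.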